How to configure new ISP to make dual ISPs Active Active on single firewall Palo Alto.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to configure new ISP to make dual ISPs Active Active on single firewall Palo Alto.

L2 Linker

Hi All,

How to configure dual ISP with both ISP is active at the same time.

Local user can user both Isp when they using Internet.

How possible ?

PA-200 PAN OS 8.1.8

Thanks. Pls Advise.

5 REPLIES 5

L3 Networker

Hi Abdulhakam,

 

If you are using BGP ( Dynamic Routing Protocol) then you can do load-balancing both links with prefix-based-Ips' subnets both live and also you can use AS-PATH attribute to provide the dynamic redundancy as well if one link down. 

 

Or if you are using the static route then you can configure multiple static default routes with path monitoring to provide the failover if the lowest path is failed. Here you can get Active/Active load balancing.

 

Best Regards,

Suresh

 

 

Sureshreddymudhireddy

Hi Suresh, I think using BGP when I checked on virtual router. Have configuration on BGP and don't have static route. ISPs using dynamic IP address. On port 1/1. I plan to another ISP will use port 1/2. Can you share details about configuration ? Thanks Hakam

Cyber Elite
Cyber Elite

Hi @abdulhakam ,

 

You can achieve it using ECMP. With this, firewall will have equal cost routes to the internet. And firewall will take one of the route to pass the traffic. Also you can have route monitoring for the failover. In case, any of the internet goes down, firewall will remove its associated route from the FIB. You can refer below article for configuration details.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF8CAK

 

Hope it helps!

M

Hi @SutareMayur ,

 

Thanks for respond, 

It's possible implement with both ISPs using dynamic (PPPoE).?

I saw the link below have using Static Ip Address.

 

Thanks
Hakam

L0 Member

it's doable you can utilize ecmp and with the help of balanced roundrobin we can achieve active-active load balance.

  • 7856 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!